79 matches found
CVE-2026-24716 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2026-24716 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-66281 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build...
CVE-2025-66281 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build...
CVE-2025-66280
CVE-2025-66280 describes an integer overflow/wraparound vulnerability affecting several QNAP OS versions. The issue is exploitable when a remote attacker who has an administrator account can trigger the flaw to compromise system security. Affected products and versions (as fixed) include: QTS 5.2...
CVE-2025-66273
CVE-2025-66273 is a command-injection vulnerability affecting several QNAP OS versions. If an attacker gains an administrator account, they can execute arbitrary commands. Fixed in QTS 5.2.9.3410 build 20260214 and later, QuTS hero h5.2.9.3410 build 20260214 and later, QuTS hero h5.3.4.3500 build...
CVE-2026-41539 QTS, QuTS hero
A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS...
CVE-2025-47205
A NULL pointer dereference vulnerability affecting several QNAP OS lines. An attacker who already has an administrator account can trigger a network-based DoS on affected systems. Affected products include QTS 5.2.8.3332 build 20251128 and later, and QuTS hero h5.2.8.3321 build 20251117 and later...
CVE-2025-47205 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-58466 QTS, QuTS hero
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. We have alread...
CVE-2025-58466
CVE-2025-58466 affects QNAP QTS and QuTS hero: a use of uninitialized variable issue that can be exploited by an attacker with an administrator account to cause denial of service or alter control flow. Affected: QTS before 5.2.8.3332 build 20251128 and earlier; QuTS hero before h5.2.8.3321 build ...
Qnap QTS and QuTS hero Allocation of Resources Without Limits or Throttling (CVE-2025-47208)
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same...
Qnap QTS and QuTS hero Improper Neutralization of Special Elements used in an SQL Command (CVE-2025-62849)
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and...
Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-52857)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-54166 QTS, QuTS hero
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS...
CVE-2025-54165 QTS, QuTS hero
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS...
CVE-2025-54164 QTS, QuTS hero
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS...
CVE-2025-53596 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-53591 QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
CVE-2025-53589 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...